The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ubuntu

vulnerability alert 27421

AppArmor: security improvement

Synthesis of the vulnerability

The security of AppArmor was improved.
Impacted products: Ubuntu.
Severity: 1/4.
Creation date: 05/10/2018.
Identifiers: USN-3784-1, VIGILANCE-VUL-27421.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of AppArmor was therefore improved.

vulnerability note CVE-2018-12232

Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-12232, FEDORA-2018-bb7aab12cb, RHSA-2018:2948-01, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-26414.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2018-5735

ISC BIND: assertion error via DNSSEC

Synthesis of the vulnerability

An attacker can force an assertion error via DNSSEC of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, Ubuntu.
Severity: 2/4.
Creation date: 19/02/2018.
Identifiers: CVE-2018-5735, DLA-1285-1, USN-3574-1, VIGILANCE-VUL-25321.

Description of the vulnerability

An attacker can force an assertion error via DNSSEC of ISC BIND, in order to trigger a denial of service.

Technical details are unknown.

computer vulnerability note CVE-2018-1000026

Linux kernel: denial of service via the bnx2x driver

Synthesis of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.

Description of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2018-1053

PostgreSQL: password disclosure via pg_upgrade

Synthesis of the vulnerability

The "pg_upgrade" tool creates world-readable temporary files that contain passwords.
Impacted products: Debian, openSUSE Leap, PostgreSQL, RHEL, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: CVE-2018-1053, DLA-1271-1, openSUSE-SU-2018:0523-1, openSUSE-SU-2018:0529-1, openSUSE-SU-2018:0688-1, RHSA-2018:2511-01, RHSA-2018:2566-01, USN-3564-1, VIGILANCE-VUL-25242.

Description of the vulnerability

The "pg_upgrade" tool creates world-readable temporary files that contain passwords.

computer vulnerability announce CVE-2017-16911

Linux kernel: information disclosure via vhci_hcd

Synthesis of the vulnerability

An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CERTFR-2018-AVI-408, CVE-2017-16911, DLA-1369-1, DSA-4187-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-25197.

Description of the vulnerability

An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.

A detailed analysis was not performed for this bulletin.

vulnerability CVE-2018-5750

Linux kernel: address disclosure via the boot log

Synthesis of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.
Impacted products: Debian, Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 29/01/2018.
Identifiers: CERTFR-2018-AVI-198, CERTFR-2018-AVI-321, CVE-2018-5750, DLA-1349-1, DLA-1369-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, DSA-4187-1, FEDORA-2018-884a105c04, FEDORA-2018-d09a73ce72, FEDORA-2018-d82b617d6c, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:2948-01, USN-3631-1, USN-3631-2, USN-3697-1, USN-3697-2, USN-3698-1, USN-3698-2, VIGILANCE-VUL-25170.

Description of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.

vulnerability announce CVE-2018-5784

LibTIFF: denial of service

Synthesis of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 22/01/2018.
Identifiers: 2772, CVE-2018-5784, DLA-1391-1, DLA-1411-1, FEDORA-2018-e6a51e99a4, openSUSE-SU-2018:1204-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-25132.

Description of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.

Technical details are unknown.

vulnerability alert CVE-2016-10708

OpenSSH: NULL pointer dereference via a NEWKEYS message

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out-of-order NEWKEYS message, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Data ONTAP, OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/01/2018.
Identifiers: CVE-2016-10708, DLA-1257-1, DLA-1500-1, DLA-1500-2, K32485746, NTAP-20180423-0003, openSUSE-SU-2018:2128-1, SUSE-SU-2018:1989-1, SUSE-SU-2018:2275-1, SUSE-SU-2018:2530-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3809-1, VIGILANCE-VUL-25131.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out-of-order NEWKEYS message, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2017-12193

Linux kernel: NULL pointer dereference via assoc_array_apply_edit

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-321, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3698-1, USN-3698-2, VIGILANCE-VUL-24308.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.